Security

Security Policy

Our security practices, responsible disclosure program, and guidance for reporting vulnerabilities.

Our Approach to Security

Security is not an afterthought at Seifert Dynamics. It is a design discipline — one that informs the architecture of every system we build and the practices of every team we operate. We build systems for environments where security failures have real consequences, and we hold our own infrastructure and processes to the same standards we expect in client environments.

We maintain a responsible disclosure program for individuals who identify potential vulnerabilities in our systems, our website, or our published software. We treat security researchers with respect, respond to disclosures promptly, and do not pursue legal action against researchers who act in good faith.

Responsible Disclosure Program

If you have identified what you believe to be a security vulnerability in any Seifert Dynamics system, we ask that you disclose it to us privately before making it public. This gives us the opportunity to assess and remediate the issue before it can be exploited.

We are committed to working with researchers in good faith. We will acknowledge receipt of your report promptly, provide you with a realistic assessment timeline, and keep you informed of our progress. If the vulnerability is confirmed and remediated, we will notify you and, if you consent, acknowledge your contribution.

Scope

The following are in scope for responsible disclosure:

  • The seifertdynamics.com website and its subdomains
  • Any publicly accessible web applications or APIs operated by Seifert Dynamics
  • Published software artifacts or documentation that contain security-relevant issues

The following are out of scope:

  • Client systems, environments, or data — which are governed by client-specific security arrangements
  • Social engineering attacks targeting Seifert Dynamics personnel
  • Denial of service attacks or resource exhaustion testing
  • Physical security
  • Third-party services or infrastructure not operated by Seifert Dynamics

Reporting Process

To report a potential vulnerability, submit a detailed report using our security contact form. Your report should include:

  • A clear description of the vulnerability and its potential impact
  • The steps required to reproduce the issue
  • Any relevant technical details, screenshots, or proof-of-concept code
  • Your contact information for follow-up

Please do not include sensitive client data, personal data of third parties, or any data that should not have been accessed in your report.

Our Commitments

To researchers who disclose vulnerabilities in good faith, Seifert Dynamics commits to:

  • Acknowledging receipt of your report within two business days
  • Providing an initial assessment and timeline within ten business days
  • Not pursuing legal action against researchers acting within the scope and spirit of this policy
  • Keeping you informed of our remediation progress
  • Notifying you when a vulnerability has been remediated

General Security Practices

Seifert Dynamics applies the following practices across our systems and operations:

  • Encryption of data in transit and at rest across all systems we operate
  • Access controls based on least-privilege principles
  • Separation of client environments and internal systems
  • Regular review of access credentials and authorization controls
  • Security review as a standard component of the development lifecycle
  • Incident response procedures with defined escalation paths and communication requirements

For client-specific security arrangements, including data handling, access controls, and incident notification, please refer to the applicable agreement governing your engagement with Seifert Dynamics.